General
Target: c1bc260eff93f5e3801145aac1eba8ee3256103e988c6ca7e0e467555f728161
Size: 2.4MB
Sample: 240629-ctz16asbmp
MD5: d571af1cb1302f25732c3e3277b0eae1
SHA1: 42359ac1f5be4fb5027f7deec9ca19e954921269
SHA256: c1bc260eff93f5e3801145aac1eba8ee3256103e988c6ca7e0e467555f728161
SHA512: 7805762c9003691156244a77aa4e2ad4b9bcb184e6bc1db103ff5efc1478f2e72ed6643e5659367651afc1709511ec88b9f4bb3d0131d38adbf589cc131ac7d9
SSDEEP: 49152:S7r707U2I7V7s7E73P7qh1wvSAD2o6thgGmB0Hz09xRFWCq211XAvD41e+:K3OhWvSp5wpFWCv1lX
Static task: static1
Behavioral task: behavioral1
Sample: c1bc260eff93f5e3801145aac1eba8ee3256103e988c6ca7e0e467555f728161.exe
Resource: win7-20240508-en
Malware Config
Extracted: sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
Modifies firewall policy service
Deletes itself
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Defense Evasion
Modify Registry: 5
Impair Defenses: 4
Disable or Modify Tools: 3
Disable or Modify System Firewall: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1